admin/options/logs.php in Status2k allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the Location field in Add Logs in the Admin Panel.
References
Configurations
History
21 Nov 2024, 02:11
Type | Values Removed | Values Added |
---|---|---|
References | () http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html - Exploit |
Information
Published : 2014-08-06 18:55
Updated : 2024-11-21 02:11
NVD link : CVE-2014-5090
Mitre link : CVE-2014-5090
CVE.ORG link : CVE-2014-5090
JSON object : View
Products Affected
status2k
- status2k
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')